CVE-2017-2911

Summary

An exploitable vulnerability exists in the remote control functionality of Circle with Disney running firmware 2.0.1. SSL certificates for specific domain names can cause the rclient daemon to accept a different certificate than intended. An attacker can host an HTTPS server with this certificate to trigger this vulnerability.

Affected Software

VendorProductVersion RangeStatus
Circle MediaCirclefirmware 2.0.1affected

Weaknesses

  • SSL certificate

ADP Enrichment

CVE Program Container

Additional References

References